Introduction
TLS, or “transport layer security” — and its predecessor SSL — are protocols used to wrap normal traffic in a protected, encrypted wrapper. Using this technology, servers can safely send information to their clients without their messages being intercepted or read by an outside party.
In this guide, we will show you how to create and use a self-signed SSL certificate with the Apache web server on Ubuntu 20.04.
Note: A self-signed certificate will encrypt communication between your server and any clients. However, because it is not signed by any of the trusted certificate authorities included with web browsers and operating systems, users cannot use the certificate to validate the identity of your server automatically. As a result, your users will see a security error when visiting your site.
Because of this limitation, self-signed certificates are not appropriate for a production environment serving the public. They are typically used for testing, or for securing non-critical services used by a single user or a small group of users that can establish trust in the certificate’s validity through alternate communication channels.
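The check that replaces automatic validation, as an added example that is not part of the original guide: the administrator shares the certificate's SHA-256 fingerprint over the alternate channel, and the client compares it with what the server actually presents. The function names and the sample byte strings are assumptions made for illustration.

```python
import hashlib
import hmac
import ssl


def sha256_fingerprint(pem_cert: str) -> str:
    """Return the SHA-256 fingerprint of a PEM certificate as lowercase hex."""
    der = ssl.PEM_cert_to_DER_cert(pem_cert)  # the fingerprint covers the DER bytes
    return hashlib.sha256(der).hexdigest()


def normalize_fingerprint(text: str) -> str:
    """Accept 'AB:CD:...' or 'abcd...' and return 64 lowercase hex digits."""
    cleaned = text.replace(":", "").replace(" ", "").strip().lower()
    if len(cleaned) != 64 or any(c not in "0123456789abcdef" for c in cleaned):
        raise ValueError("expected a SHA-256 fingerprint (64 hex digits)")
    return cleaned


def matches_pin(pem_cert: str, expected_fingerprint: str) -> bool:
    """True only if the presented certificate is the one the admin vouched for."""
    expected = normalize_fingerprint(expected_fingerprint)
    return hmac.compare_digest(sha256_fingerprint(pem_cert), expected)


def check_server(host: str, expected_fingerprint: str, port: int = 443) -> bool:
    """Fetch the server's certificate without CA validation and check the pin."""
    # With ca_certs unset, get_server_certificate() does not validate the chain,
    # so a self-signed certificate is returned as-is for inspection.
    pem = ssl.get_server_certificate((host, port))
    return matches_pin(pem, expected_fingerprint)


# Constructed stand-in bytes (not real certificates) so the example runs offline.
SAMPLE_PEM = ssl.DER_cert_to_PEM_cert(b"constructed stand-in for the server certificate")
OTHER_PEM = ssl.DER_cert_to_PEM_cert(b"constructed stand-in for an interceptor certificate")

if __name__ == "__main__":
    # The admin would read this value to users over the alternate channel.
    pin = sha256_fingerprint(SAMPLE_PEM).upper()
    pin = ":".join(pin[i:i + 2] for i in range(0, 64, 2))
    print("pinned fingerprint:", pin)
    print("same certificate  :", matches_pin(SAMPLE_PEM, pin))
    print("different cert    :", matches_pin(OTHER_PEM, pin))
```

A mismatch means the client is not talking to the certificate the administrator vouched for and should not proceed past the browser warning.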
For a more production-ready certificate solution, check out Let’s Encrypt, a free certificate authority. You can learn how to download and configure a Let’s Encrypt certificate in our How To Secure Apache with Let’s Encrypt on Ubuntu 20.04 tutorial.
Prerequisites
Before starting this tutorial, you’ll need the following:
Access to an Ubuntu 20.04 server with a non-root, sudo-enabled user. Our Initial Server Setup with Ubuntu 20.04 guide can show you how to create this account.
You will also need to have Apache installed. You can install Apache using apt. First, update the local package index to reflect the latest upstream changes:
- sudo apt update
Then, install the apache2 package:
- sudo apt install apache2
And finally, if you have a ufw firewall set up, open up the http and https ports:
- sudo ufw allow "Apache Full"
After these steps are complete, be sure you are logged in as your non-root user and continue with the tutorial.